Solved Removed some malware, now wifi doesn't connect.

Sony Vaio vpceh15fx/w 15.5" led notebook...
April 1, 2014 at 19:11:10
Specs: Windows 7 Home Premium, i5-2410M 2.3GHz/4GB
I have a Windows 7 laptop that had a lot of malware (I think) and so I ran Malwarebytes and Adwcleaner and now the Wi-Fi can't connect to the internet.

#1
April 1, 2014 at 19:23:31
"Malwarebytes and Adwcleaner"
Copy & Paste the contents of the logs please, so I can see what was removed.

message edited by Johnw



#2
April 1, 2014 at 19:26:02
Manually restoring the Internet connection

Click on the Start button.
Click on the Settings menu option.
Click on the Control Panel option.
When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
Simply click on the Repair menu option.

message edited by Johnw



#3
April 1, 2014 at 20:04:34
I neglected to mention that this isn't my computer but instead belongs to a cousin who asked for my help. I managed to remove the infections, I think, but now the laptop won't connect with the Wifi. Ethernet works fine, oddly.

P.S.: I couldn't follow the instructions you gave me. I got as far as the Network and Internet control panel.

It won't let me paste all the logs: "413 Request Entity Too Large". What should I do?



#4
April 1, 2014 at 20:15:53
I have to go out.
Only got time to deal with the log question.

If any of the logs are too large, upload them using this. I upload to Imgur.com for images & load.to for files (neither needs an account). Give us the link please.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use for images.
http://i.imgur.com/mWxzNlv.gif
http://i.imgur.com/ODCCcPf.gif
http://i.imgur.com/zalhLtW.gif
How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif
Free file sharing sites come & go; if Imgur.com & load.to are too busy (or not working), here are others to try.
free file upload no account needed
http://is.gd/ije9W6
http://www.zippyshare.com/
http://www.filedropper.com/index.php
http://www.wikisend.com/
https://www.sendspace.com/
http://www.megafileupload.com/



#5
April 1, 2014 at 20:22:49
Alright, so I used Dropbox since I already have that. Here they are:

AdwCleaner[R0]
https://www.dropbox.com/s/66km8tpkn...

AdwCleaner[S0]
https://www.dropbox.com/s/bhang6s9y...

AdwCleaner[R1]
https://www.dropbox.com/s/wk56cbhcs...

AdwCleaner[S1]
https://www.dropbox.com/s/0b9toufns...

Malwarebytes Scan log
https://www.dropbox.com/s/frcy7nf39...



#6
April 2, 2014 at 00:24:48
Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


#7
April 2, 2014 at 00:46:20
"P.S.: I couldn't follow the instructions you gave me"

Run Tweaking.com - Windows Repair. Start at Step 1 & when you get to the final step, check/tick the boxes listed below.
Disable your antivirus program before running Windows Repair.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...
Copy and Paste the contents of the following log in your reply:
C:\Program Files\Tweaking.com\Windows Repair (All in One)\Tweaking.com_Windows_Repair_Logs\_Windows_Repair_Log.txt

Check/tick the following.

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair File Association
Restore Important Windows Services
Set Windows Services To Default Startup

message edited by Johnw



#8
April 2, 2014 at 12:02:37
My mistake, I should've been more specific. I meant, I couldn't follow your instructions to manually restore the internet connection. I go to Control Panel, then Network and Internet (I'm in Category view), and then I get stuck because I can't find Network Connections.

Under the Network and Sharing Center category I only see:
View Network Status and Tasks, Connect to a Network, View network computer and devices, Add a wireless device to the network.

Also, I've run Malwarebytes a few more times and installed and ran Microsoft Security Essentials and both report there are no more infections, so do you think I really need to install Junkware Removal Tool?



#9
April 2, 2014 at 12:11:32
"My mistake, I should've been more specific"
I understood; run Tweaking.com.

"do you think I really need to install Junkware Removal Tool?"
Yes.



#10
April 2, 2014 at 12:34:39
So, surprisingly, the WiFi seems to be working...in a way. I was able to go to tweaking.com and download the app, I was able to update the Malwarebytes database, but most times I try to visit a webpage it won't load or loads very, very slowly. Checking the status of the connection displays the speed at 1 and 5.5 Mbps.

I've installed and started the tweaking.com app and step 1 dictates I make sure the system is clean from infections by running Malwarebytes, so that's what I'm doing.



#11
April 2, 2014 at 15:22:25
So I ran the Junkware Removal Tool. Here's the log:

https://www.dropbox.com/s/2l8u2smpl...

The tweaking.com app just finished and is restarting Windows. Will post the log soon.

message edited by Tonyjr



#12
April 2, 2014 at 15:36:05
Here's the tweaking.com log:

https://www.dropbox.com/s/2p4o820w4...



#13
April 2, 2014 at 17:39:58
Download ComboFix to your Desktop & then run. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"

If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


#14
April 2, 2014 at 19:03:47
I forgot to mention that I had run ComboFix before, as per the instructions in a guide I found on removing malware and the log is here:
https://www.dropbox.com/s/ty8n0w56n...

However, I still went ahead and ran it again, but this time I received a popup that it would run in Reduced Functionality mode:
https://www.dropbox.com/s/epjdgqg6x...



#15
April 2, 2014 at 19:05:42
Additionally, I tried following the steps to Manually Restoring the Internet Connection, but when I right-click on my wifi network adapter, I don't get an option to repair it, only to diagnose, which ultimately does nothing to fix it.


#16
April 2, 2014 at 19:17:06
Run Combofix again please. You must put Combofix onto the Desktop & run it from there. Refer to my previous post.

You need to download the latest version; he brings out a new version often.
Uninstall the old version this way.
Turn off all active protection software.
Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
Please Copy and Paste the following into the box > ComboFix /Uninstall and click OK.
Or,
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Or,
Start > All Programs > Accessories > Command Prompt, Copy and Paste > ComboFix /uninstall and hit > Enter.



#17
April 2, 2014 at 19:58:00
Alright, I ran ComboFix again as requested. I placed it on the Desktop instead of running it from my flash drive.

https://www.dropbox.com/s/va20ibbls...



#18
April 2, 2014 at 20:04:36
Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it onto your Desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note that this program will not unhide removable drives like flash cards and USB drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log in your next post please. Let me know if it doesn't produce a log.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#19
April 3, 2014 at 10:51:24
Unhide log:

https://www.dropbox.com/s/loz3xisnz...

RogueKiller log:

https://www.dropbox.com/s/13qsyj6l9...



#20
April 3, 2014 at 14:44:07
Maybe it's relevant, maybe not, but I've noticed in the Network Connections Panel that aside from the standard Local Area Connection and the Wireless Network Connection there are two others:
Wireless Network Connection 3 and
Wireless Network Connection 4, both of which describe using Microsoft Virtual WiFi Miniport Adapter #2 and #3.

I've disabled and uninstalled them under the Device Manager once before, but they just came back.



#21
April 3, 2014 at 17:18:00
"Maybe it's relevant, maybe not, but I've noticed in the Network Connections Panel"
Have you right clicked on all of them?
If you see a Repair option, do so.

If no Repair option, maybe there is a Troubleshooter.



#22
April 3, 2014 at 17:40:24
Right-clicking on either of those does not produce a Repair option. I only get the following for Wireless Network Connection 3,4:
Disable
Status (grayed out)
Create Shortcut
Delete (grayed out)
Rename
Properties

For LAN and Wireless Network Connection I get:
Disable
Connect/Disconnect (Wireless Connection only)
Status (grayed out)
Diagnose
Bridge Connections
Create Shortcut
Delete (grayed out)
Rename
Properties

I just did a reboot and am noticing that all four connections have a red X on them.

P.S.: I just performed the Diagnose on the Primary Wireless, it asked me to select a wireless network, I selected mine, then it returned the following:
Windows was unable to connect to (my network).

message edited by Tonyjr



#23
April 3, 2014 at 17:50:21
See if this helps.

“Windows is Unable to Connect to the Selected Network”
http://helpdeskgeek.com/networking/...
http://windows.microsoft.com/en-us/...

message edited by Johnw



#24
April 3, 2014 at 18:08:45
Actually, I was just trying the ipconfig cmds from here:
http://www.bleepingcomputer.com/for...

but when I run the ipconfig /release and /renew cmds I get some errors:
https://www.dropbox.com/s/tviyg9y6j...



#25
April 3, 2014 at 18:46:24
Ok, so I may have just made things worse. I had read somewhere a suggestion that entailed going into Device Manager and Uninstalling the wifi device and deleting the driver so that upon restart Windows would reinstall it. But it seems it can't find the driver to install the Wifi device. I even downloaded the driver straight from Sony's support page and ran the installer but it didn't seem to take it.


#26
April 3, 2014 at 21:27:29
"upon restart Windows would reinstall it"
That should have worked.

Do you have the motherboard CD? It often comes with the Comp.

message edited by Johnw



#27
April 3, 2014 at 22:37:54
Model:
VPCEH15FX/W
Operating System:
Windows® 7 64-bit
http://esupport.sony.com/US/p/swu-d...

Is this the one you downloaded?
http://s02.download.sony.com/US/pc/...



#28
April 3, 2014 at 22:42:28
You still have lots of Norton files fighting with MSE (Microsoft Security Essentials).
How can I fully remove Norton Antivirus from my system?
https://support.norton.com/sp/en/us...
http://www.pchell.com/virus/uninsta...
http://www.softpedia.com/get/Tweak/...


#29
April 3, 2014 at 23:32:00
Yes, that was the driver I had downloaded.

Ok, so turns out I was able to fix the driver issue by running a system restore to a time before I uninstalled and deleted the wifi driver. After doing so, I got the strange feeling that maybe I should test the wifi, and sure enough it worked fine. Then, I rebooted to make sure it still worked fine and wasn't just a fluke. It still worked. So now it's fixed!

But I've discovered something: when I go to the opposite side of the house from where my router is located, the connection seems to stop working. Chrome just keeps trying to load the page with no success. So, I'm thinking that maybe all this time it was just a problem with distance (although I swear I tried the wifi right in front of the router without any success).

Lastly, because this is my cousin's laptop, I'm not sure if she's attached to Norton or if I can replace it with MSE. I meant to ask, but I didn't. Is MSE just as good as Norton or better? Then again, Norton did miss all the malware it let install into the system.



#30
April 3, 2014 at 23:47:17
✔ Best Answer
"I can replace it with MSE"
Looking at the logs, it appears that it is already installed.
MSE with Windows firewall is what I use.

An AV's job is to warn; people do not understand the warning, so instead of googling what it means, they click, click.

Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

As you can see from your logs, you had a lot of stuff installed that you did not know had been installed.
A lot of programs now give you the choice to install toolbars & other items during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.
I use Softpedia; down the bottom of the page, they make you aware of what ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/CD-DVD...
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS (screenshots) of above
http://i.imgur.com/CSBplyA.gif
http://i.imgur.com/3eWWoXm.gif
Use Unchecky to help prevent these third party installs. Nothing is perfect; the baddies are always ahead of the goodies.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://unchecky.com/
How to download from Softpedia
http://i.imgur.com/iZ3Fzmc.gif
http://i.imgur.com/NNgm1rF.gif
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#31
April 4, 2014 at 15:51:46
Ok, well I ran RunTFC then I went ahead and installed Unchecky on the laptop. I also installed all the Windows updates it needed and uninstalled Norton. The laptop has been returned so there's nothing else I can do.
I wanted to thank you for your help with removing any trace of the infections (as much as one possibly can without wiping the system clean). I can only hope that there aren't any problems in the immediate future.

I'm not sure which post I should select as the best answer as all of them helped in the end. The last one perhaps?

message edited by Tonyjr



#32
April 4, 2014 at 16:47:42
"The last one perhaps?"
Yep, that will do.

For those that are googling & find this post, here is the best order of fixing.

1: Run AdwCleaner
2: Junkware Removal Tool
3: Malwarebytes Anti-Malware
4: ComboFix
5: Unhide
6: RogueKiller
7: Update & run Malwarebytes Anti-Malware again.
8: If any unusual stuff is still happening (popups etc.), use ESET
Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
9: For any glitches caused by the infection, affecting parts of the operating system, use Tweaking.com - Windows Repair

message edited by Johnw

